CVE-1999-1290

Vulnerability

A buffer overflow vulnerability exists in the nftp FTP client version 1.40 [1]. The flaw occurs when the client processes a response string from an FTP server; if the response is excessively long, it overflows an internal buffer [2]. The code path is reachable during the initial server greeting (e.g., the 220 banner) without any special client configuration [2].

Exploitation

An attacker must operate a malicious FTP server that sends a crafted response, such as 4400 'X' characters followed by a newline, upon client connection [2]. The victim must be running nftp version 1.40 and connect to the attacker's server. No authentication or user interaction beyond initiating the connection is required [2]. The overflow occurs during processing of the server's response, leading to a crash or potential code execution [2].

Impact

Successful exploitation can cause a denial of service (client crash) and, if the overflow is carefully controlled, arbitrary code execution on the victim's machine [2]. The attacker gains the privileges of the user running the nftp client, which could lead to full system compromise if that user has elevated rights [2].

Mitigation

No official fix was available at the time of disclosure (November 1998) [2]. The software is likely obsolete; users should avoid using nftp version 1.40 and consider migrating to a maintained FTP client [1]. As of the publication date, this vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.